Linux system, IBM HS22+7870 blade: it dies as soon as a vulnerability scan hits it and only a reboot brings it back. Looking for expert help!!
Jul 25 17:56:31 hostwww xinetd[2179]: START: vopied pid=13758 from=::ffff:192.168.20.43
Jul 25 17:56:31 hostwww xinetd[13758]: warning: can't get client address: Connection reset by peer
Jul 25 17:56:31 hostwww xinetd[2179]: EXIT: vopied status=7 pid=13758 duration=0(sec)
Jul 25 17:56:31 hostwww xinetd[2179]: START: bpjava-msvc pid=13760 from=::ffff:192.168.20.43
Jul 25 17:56:31 hostwww xinetd[13760]: warning: can't get client address: Connection reset by peer
Jul 25 17:56:31 hostwww xinetd[2179]: EXIT: bpjava-msvc signal=13 pid=13760 duration=0(sec)
Jul 25 17:56:31 hostwww xinetd[2179]: START: bpcd pid=13762 from=::ffff:192.168.20.43
Jul 25 17:56:31 hostwww xinetd[13762]: warning: can't get client address: Connection reset by peer
Jul 25 17:56:31 hostwww xinetd[2179]: EXIT: bpcd status=160 pid=13762 duration=0(sec)
Jul 25 17:56:32 hostwww xinetd[2179]: START: vnetd pid=13764 from=::ffff:192.168.20.43
Jul 25 17:56:32 hostwww xinetd[2179]: EXIT: vnetd status=43 pid=13764 duration=0(sec)
Jul 25 17:56:32 hostwww xinetd[2179]: START: bpcd pid=13768 from=::ffff:192.168.20.43
Jul 25 17:56:32 hostwww xinetd[2179]: START: bpjava-msvc pid=13769 from=::ffff:192.168.20.43
Jul 25 17:56:32 hostwww xinetd[2179]: START: vnetd pid=13770 from=::ffff:192.168.20.43
Jul 25 17:56:32 hostwww xinetd[2179]: START: vopied pid=13771 from=::ffff:192.168.20.43
Jul 25 17:56:32 hostwww xinetd[2179]: EXIT: bpjava-msvc status=127 pid=13769 duration=0(sec)
Jul 25 17:56:32 hostwww xinetd[2179]: EXIT: vopied status=7 pid=13771 duration=0(sec)
Jul 25 17:56:35 hostwww xinetd[2179]: EXIT: bpcd status=1 pid=13768 duration=3(sec)
Jul 25 17:56:43 hostwww xinetd[2179]: EXIT: vnetd status=9 pid=13770 duration=11(sec)
Jul 25 17:56:43 hostwww xinetd[2179]: START: vnetd pid=13776 from=::ffff:192.168.20.43
Jul 25 17:56:48 hostwww xinetd[2179]: EXIT: vnetd status=9 pid=13776 duration=5(sec)
Jul 25 17:56:48 hostwww xinetd[2179]: START: vnetd pid=13779 from=::ffff:192.168.20.43
Jul 25 17:56:53 hostwww xinetd[2179]: EXIT: vnetd status=9 pid=13779 duration=5(sec)
Jul 25 17:56:53 hostwww xinetd[2179]: START: vnetd pid=13782 from=::ffff:192.168.20.43
Jul 25 17:56:53 hostwww xinetd[2179]: EXIT: vnetd status=1 pid=13782 duration=0(sec)
Jul 25 17:56:53 hostwww xinetd[2179]: START: vnetd pid=13783 from=::ffff:192.168.20.43
Jul 25 17:56:53 hostwww xinetd[2179]: EXIT: vnetd status=1 pid=13783 duration=0(sec)
Jul 25 17:57:04 hostwww xinetd[2179]: START: vopied pid=13786 from=::ffff:192.168.20.43
Jul 25 17:57:04 hostwww xinetd[2179]: START: bpcd pid=13787 from=::ffff:192.168.20.43
Jul 25 17:57:04 hostwww xinetd[2179]: EXIT: vopied status=7 pid=13786 duration=0(sec)
Jul 25 17:57:07 hostwww xinetd[2179]: EXIT: bpcd status=1 pid=13787 duration=3(sec)
Jul 25 17:57:19 hostwww xinetd[2179]: START: vnetd pid=13803 from=::ffff:192.168.20.43
Jul 25 17:57:19 hostwww xinetd[2179]: EXIT: vnetd status=9 pid=13803 duration=0(sec)
Jul 25 17:57:19 hostwww xinetd[2179]: START: bpjava-msvc pid=13806 from=::ffff:192.168.20.43
Jul 25 17:57:19 hostwww xinetd[2179]: START: vnetd pid=13807 from=::ffff:192.168.20.43
Jul 25 17:57:19 hostwww xinetd[2179]: START: bpcd pid=13808 from=::ffff:192.168.20.43
Jul 25 17:57:19 hostwww xinetd[2179]: START: vopied pid=13809 from=::ffff:192.168.20.43
Jul 25 17:57:19 hostwww xinetd[2179]: EXIT: bpjava-msvc status=127 pid=13806 duration=0(sec)
Jul 25 17:57:19 hostwww xinetd[2179]: EXIT: vnetd status=1 pid=13807 duration=0(sec)
Jul 25 17:57:19 hostwww xinetd[2179]: EXIT: vopied status=7 pid=13809 duration=0(sec)
Jul 25 17:57:22 hostwww xinetd[2179]: EXIT: bpcd status=1 pid=13808 duration=3(sec)
Jul 25 17:57:27 hostwww kernel: possible SYN flooding on port 5989. Sending cookies.
Jul 25 18:10:25 hostwww xinetd[2179]: START: bpjava-msvc pid=14007 from=::ffff:192.168.20.43
Jul 25 18:10:25 hostwww xinetd[14007]: warning: can't get client address: Connection reset by peer
Jul 25 18:10:25 hostwww xinetd[2179]: EXIT: bpjava-msvc signal=13 pid=14007 duration=0(sec)
Jul 25 18:10:27 hostwww xinetd[2179]: START: bpjava-msvc pid=14008 from=::ffff:192.168.20.43
Jul 25 18:10:27 hostwww xinetd[2179]: EXIT: bpjava-msvc status=127 pid=14008 duration=0(sec)
Jul 25 18:11:00 hostwww xinetd[2179]: START: bpcd pid=14016 from=::ffff:192.168.20.43
Jul 25 18:11:00 hostwww xinetd[14016]: warning: can't get client address: Connection reset by peer
Jul 25 18:11:00 hostwww xinetd[2179]: EXIT: bpcd status=160 pid=14016 duration=0(sec)
Jul 25 18:11:20 hostwww xinetd[2179]: START: vopied pid=14020 from=::ffff:192.168.20.43
Jul 25 18:11:20 hostwww xinetd[14020]: warning: can't get client address: Connection reset by peer
Jul 25 18:11:20 hostwww xinetd[2179]: EXIT: vopied status=7 pid=14020 duration=0(sec)
Jul 25 18:12:34 hostwww qpidd[2285]: 2017-07-25 18:12:34 error Could not accept socket: Transport endpoint is not connected (qpid/sys/posix/Socket.cpp:58)
Jul 25 18:13:01 hostwww xinetd[2179]: START: vopied pid=14047 from=::ffff:192.168.20.43
Jul 25 18:13:01 hostwww xinetd[14047]: warning: can't get client address: Connection reset by peer
Jul 25 18:13:01 hostwww xinetd[2179]: EXIT: vopied status=7 pid=14047 duration=0(sec)
Jul 25 18:13:25 hostwww xinetd[2179]: START: vnetd pid=14057 from=::ffff:192.168.20.43
Jul 25 18:13:25 hostwww xinetd[2179]: EXIT: vnetd status=43 pid=14057 duration=0(sec)
Jul 25 18:14:22 hostwww xinetd[2179]: START: vnetd pid=14074 from=::ffff:192.168.20.43
Jul 25 18:14:22 hostwww xinetd[2179]: EXIT: vnetd status=43 pid=14074 duration=0(sec)
Jul 25 18:14:51 hostwww xinetd[2179]: START: bpjava-msvc pid=14085 from=::ffff:192.168.20.43
Jul 25 18:14:51 hostwww xinetd[2179]: START: bpcd pid=14087 from=::ffff:192.168.20.43
Jul 25 18:14:51 hostwww xinetd[2179]: START: vnetd pid=14088 from=::ffff:192.168.20.43
Jul 25 18:14:51 hostwww xinetd[2179]: START: vopied pid=14090 from=::ffff:192.168.20.43
Jul 25 18:14:51 hostwww xinetd[2179]: EXIT: bpjava-msvc status=127 pid=14085 duration=0(sec)
Jul 25 18:14:51 hostwww xinetd[2179]: EXIT: vopied status=7 pid=14090 duration=0(sec)
Jul 25 18:14:54 hostwww xinetd[2179]: EXIT: bpcd status=1 pid=14087 duration=3(sec)
Jul 25 18:14:55 hostwww xinetd[2179]: START: bpcd pid=14093 from=::ffff:192.168.20.43
Jul 25 18:14:55 hostwww xinetd[14093]: warning: can't get client address: Connection reset by peer
Jul 25 18:14:55 hostwww xinetd[2179]: EXIT: bpcd status=160 pid=14093 duration=0(sec)
Jul 25 19:07:36 hostwww kernel: imklog 4.6.2, log source = /proc/kmsg started.
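Trace the scan operations. I have run into a case where a scan took a database down; it takes some effort, but it can be worked out. My guess is that this is a scanner bug: it does not control its operations well, and it got down to the kernel level. A scanner should scan only where it is pointed and should not scan around at random.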
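One way to do the tracing suggested in the reply, as an added example that is not part of the original posts: pair the xinetd START and EXIT records by pid to see which services each source touched, how they ended, which sessions never logged an EXIT, and which ports drew a kernel SYN-flood warning. The helper name `summarize` is hypothetical, and the sample is a subset of the log lines posted above.

```python
import re
from collections import defaultdict

# Subset of the log lines from the post, with wrapped lines rejoined.
SAMPLE = """\
Jul 25 17:56:31 hostwww xinetd[2179]: START: vopied pid=13758 from=::ffff:192.168.20.43
Jul 25 17:56:31 hostwww xinetd[2179]: EXIT: vopied status=7 pid=13758 duration=0(sec)
Jul 25 17:56:31 hostwww xinetd[2179]: START: bpjava-msvc pid=13760 from=::ffff:192.168.20.43
Jul 25 17:56:31 hostwww xinetd[2179]: EXIT: bpjava-msvc signal=13 pid=13760 duration=0(sec)
Jul 25 17:56:32 hostwww xinetd[2179]: START: vnetd pid=13770 from=::ffff:192.168.20.43
Jul 25 17:56:43 hostwww xinetd[2179]: EXIT: vnetd status=9 pid=13770 duration=11(sec)
Jul 25 17:57:27 hostwww kernel: possible SYN flooding on port 5989. Sending cookies.
Jul 25 18:14:51 hostwww xinetd[2179]: START: vnetd pid=14088 from=::ffff:192.168.20.43
"""

TS = r"^(\w{3} +\d+ [\d:]+) \S+ "
START = re.compile(TS + r"xinetd\[\d+\]: START: (\S+) pid=(\d+) from=(\S+)")
EXIT = re.compile(TS + r"xinetd\[\d+\]: EXIT: (\S+) ((?:status|signal)=\d+) pid=(\d+)")
SYN = re.compile(TS + r"kernel: possible SYN flooding on port (\d+)")

def summarize(text):
    """Pair xinetd START/EXIT records by pid (hypothetical helper).

    Returns (exits, still_open, syn_ports):
      exits      source -> service -> list of exit results
      still_open pid -> (start time, service, source) with no EXIT logged
      syn_ports  (time, port) for each kernel SYN-flood warning
    """
    exits = defaultdict(lambda: defaultdict(list))
    still_open, syn_ports = {}, []
    for line in text.splitlines():
        if m := START.match(line):
            ts, svc, pid, src = m.groups()
            still_open[pid] = (ts, svc, src)
        elif m := EXIT.match(line):
            _, svc, result, pid = m.groups()
            # An EXIT whose START was not captured has no known source.
            _, _, src = still_open.pop(pid, (None, svc, "unknown"))
            exits[src][svc].append(result)  # signal=13 is SIGPIPE on Linux
        elif m := SYN.match(line):
            syn_ports.append((m.group(1), int(m.group(2))))
    return {s: dict(v) for s, v in exits.items()}, still_open, syn_ports

if __name__ == "__main__":
    exits, still_open, syn_ports = summarize(SAMPLE)
    for src, services in exits.items():
        for svc, results in sorted(services.items()):
            print(f"{src} {svc}: {len(results)} exits {results}")
    print("no EXIT logged:", still_open)
    print("SYN flood warnings:", syn_ports)
```

Run over the full syslog for the scan window, the sessions left without an EXIT and the last records before the logging gap show what was in flight when the host stopped responding.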